After the scan it said something like "Warning! Changes have been caused due to rootkit activity."
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-26 15:46:14
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8BEF5AD8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8BEF6982]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8BEF5F0C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8BEF4E8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8BEF5694]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8BEF4BE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8BEF54EA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8BEF5CBE]
SSDT 876FF9AC ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8BEF4520]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8BEF6604]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8BEF50D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8BEF58CC]
SSDT 876FF998 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8BEF5364]
SSDT 876FF99D ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8BEF4D06]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8BEF63BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8BEF67B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8BEF506E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8BEF5258]
SSDT 876FF9A7 ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8BEF4980]
SSDT 876FF9A2 ZwWriteVirtualMemory
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8BEF6018]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateUserProcess [0x8BEF6C12]
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!KeSetTimerEx + 34C 81CCC910 4 Bytes [ D8, 5A, EF, 8B ]
.text ntkrnlpa.exe!KeSetTimerEx + 370 81CCC934 8 Bytes [ 82, 69, EF, 8B, 0C, 5F, EF, ... ]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 81CCC9B8 4 Bytes [ 8E, 4E, EF, 8B ]
.text ntkrnlpa.exe!KeSetTimerEx + 40C 81CCC9D0 4 Bytes [ 94, 56, EF, 8B ]
.text ntkrnlpa.exe!KeSetTimerEx + 438 81CCC9FC 4 Bytes CALL 4358B94C
.text ...
---- User code sections - GMER 1.0.14 ----
.text C:\Windows\System32\svchost.exe[320] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[320] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchIndexer.exe[472] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[540] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[580] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[628] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[644] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[652] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[804] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[884] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[988] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[1084] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1116] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1228] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1332] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\WLANExt.exe[1476] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\spoolsv.exe[1576] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1628] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 00345740 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 00345810 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] USER32.dll!mouse_event 770B1305 5 Bytes JMP 003416D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] USER32.dll!EndTask 770CACCF 5 Bytes JMP 003453D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 00341550 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 00341860 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 00341230 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 003413C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 00345260 C:\Windows\system32\guard32.dll
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1840] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 003450E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1892] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[1956] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe[1968] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[2036] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] OLE32.DLL!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\WinRAR\WinRAR.exe[2056] OLE32.DLL!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2312] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] user32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] user32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] user32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[2376] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\taskeng.exe[2528] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\Dwm.exe[2552] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\Explorer.EXE[2620] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\GMER\gmer.exe[2664] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2788] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\NOTEPAD.EXE[3276] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] user32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] user32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] user32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Skype\Phone\Skype.exe[3364] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3376] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 002B5740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 002B5810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 002B1860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 002B1230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 002B13C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] USER32.dll!mouse_event 770B1305 5 Bytes JMP 002B16D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] USER32.dll!EndTask 770CACCF 5 Bytes JMP 002B53D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 002B1550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 002B5260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3564] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 002B50E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] ntdll.dll!LdrUnloadDll 77A5E89C 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] ntdll.dll!NtClose 77A77F48 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] USER32.dll!mouse_event 770B1305 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] USER32.dll!EndTask 770CACCF 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] USER32.dll!keybd_event 770DD93C 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] GDI32.dll!BitBlt 77846CE7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] GDI32.dll!CreateDCA 7784AC01 5 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] GDI32.dll!CreateDCW 7784ADA5 5 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] ole32.dll!CoGetClassObject 77156120 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe[4072] ole32.dll!CoCreateInstanceEx 7716E1CB 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74BF7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74C398C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74BFD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74BEF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74BF7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74BEE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74C2B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74BFD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74BF012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74BF0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74BE71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74C7D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74C175E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74BEDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74BE668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74BE66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2620] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74BF1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.14 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- Services - GMER 1.0.14 ----
Service system32\drivers\gaopdxrslepfyb.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrslepfyb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrslepfyb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtracvkux.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxrslepfyb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxrslepfyb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxtracvkux.dll
---- EOF - GMER 1.0.14 ----